On Tue, 04 Sep 2007 12:31:15 +0300, Lars Wirzenius <liw@iki.fi> wrote:
>> I stop brute force attacks by sending auth log messages to a FIFO which I
>> read with a perl script. After 10 login failures, your IP is firewalled for
>> 24 hours.
>I'm sure it does work great. Can you work on making sure it is the
>default in lenny if openssh-server is installed?
It's the type of thing an admin can do locally: set up syslog.conf so
that it copies auth log data to a FIFO:
> auth.info -/var/log/auth
> auth.=notice -/var/log/auth.notice
> auth.=notice |/var/tmp/hostaccess.sshd
And then read it with a program or script which makes local decisions
on how to handle it.
If someone wants to take that idea and distribute it with debian, go
for it. Personally, I don't have time to fight the political battle
that would ensue.
--
Internet service
http://www.isp2dial.com/